The first version of the Industry Guidelines on Cyber Security Onboard Ships was published in 2016, with version 2 in July 2017, version 3 in December 2018 and version 4 in Dec 2020.
The Industry Guidelines are designed to develop understanding and awareness of key aspects of cyber security and cyber safety and are not intended to give technical guidance for the ship or personnel on board. The Industry Guidelines focus on distinctive issues onboard ships and assume a high level of commitment from the company ashore.
The Guidelines on Cyber Security Onboard Ships, version 4 is available for download here.
The fourth version, published on 23 Dec 2020, contains general updates to best practices in the field of cyber risk management, and as a key feature, includes a section with improved guidance on the concept of risk and risk management. The improved risk model takes into consideration the threat as the product of capability, opportunity, and intent, and explains the likelihood of a cyber incident as the product of vulnerability and threat. Thus, the improved risk model offers an explanation as to why still relatively few safety-related incidents have unfolded in the maritime industry, but also why this should not be misinterpreted and make shipping companies lower their guard.
It is published at a time when shipowners and ship managers are faced with a requirement to implement cyber risk management in their safety management systems (SMS) by the time of their first Document of Compliance audit after 1 January 2021.
The following organizations produced the fourth edition: BIMCO, Chamber of Shipping of America, Digital Containership Association, INTERCARGO, Interferry, ICS, InterManager, INTERTANKO, IMCA, IUMI, OCIMF, Superyacht Builders Association, and WSC.